CVE-2008-2729

Canonical Ltd has issued updates for its Kernel package to plug multiple security holes. A security issue affects the following Ubuntu releases:

=> Ubuntu 6.06 LTS => Ubuntu 7.04 => Ubuntu 7.10 => Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

Description

IPsec protocol stack did not correctly handle fragmented ESP packets. A remote attacker could exploit this to crash the system, leading to a denial of service.(CVE-2007-6282)

The 64bit kernel did not correctly handle hrtimer updates. A local attacker could request a large expiration value and cause the system to hang, leading to a denial of service. (CVE-2007-6712)

The ia32 emulation under 64bit kernels did not fully clear uninitialized data. A local attacker could read private kernel memory, leading to a loss of privacy. (CVE-2008-0598)

A race condition was discovered between ptrace and utrace in the kernel. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2008-2365)

The copy_to_user routine in the kernel did not correctly clear memory destination addresses when running on 64bit kernels. A local attacker could exploit this to gain access to sensitive kernel memory, leading to a loss of privacy. (CVE-2008-2729)

The PPP over L2TP routines in the kernel did not correctly handle certain messages. A remote attacker could send a specially crafted packet that could crash the system or execute arbitrary code. (CVE-2008-2750)

Gabriel Campana discovered that SCTP routines did not correctly check for large addresses. A local user could exploit this to allocate all available memory, leading to a denial of service. (CVE-2008-2826)

How do I update Kernel package?

Open terminal and type the following two commands:$ sudo apt-get update $ sudo apt-get upgrade After a standard system upgrade you need to reboot your computer to effect the necessary changes:$ sudo reboot

Red Hat has issued a security update for its Kernel that fixes issues related to following packages. This update has been rated as having important security impact on RHEL 4.x / 5.x, and you are recommended to update system as soon as possible.